ELM Bulletin - April 15, 2009
Conficker Prevention & Removal
Following the recent media coverage of the Conficker Worm (aka Downadup) we have received numerous calls asking what precautions must be taken to prevent (or cure) an infection by the Conficker Worm. This ELM Bulletin presents some of the options available to you to protect yourself from this, and other, malware. Portions of this bulletin are paraphrased from the May 2009 issue of PC World.
INTRODUCTION
The Conficker Worm achieved notoriety because of its sophisticated design and its ability to contact its creators on April 1st for activation instructions. That it has been mostly dormant is largely because too many people are aware of it. (Malware creators would rather quietly take over your computer than receive widespread fame.) Newer versions have been detected, indicating that the creators of Conficker are still working to make money by gaining control of as many computers as possible.
Conficker spreads by writing itself to network shares or removable media (such as CDs, DVDs, external hard drives or Memory Keys) and using Windows' Autorun feature to install itself on any computer where the media is used.
PREVENTION
A – Conficker gains entrance through a security hole in Windows computers that Microsoft repaired in October 2008, as reported in Security Bulletin MS08-067. See the website below for more information.
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
Any computer configured to automatically install Windows Updates will already have the appropriate patch installed. You can run Windows Update to ensure you have this fix. To do this on most Windows Systems simply follow the steps below:
Click on the Start button at the lower left of your display
Select All Programs
Select Windows Update from the list of programs
Check for updates and ensure that MS08-067 has been installed
If you have the time, and your system has been recently backed up, you would be well advised to install all available updates
B – Disable Windows' Autorun on your computer using the instructions at the following Microsoft website.
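Both prevention steps can be checked from a PowerShell prompt. The script below is an added example, not part of the original bulletin or Microsoft's instructions. It assumes KB958644 is the update that shipped with MS08-067 and that a NoDriveTypeAutoRun policy value of 0xFF disables Autorun on every drive type; the -Fix switch is a hypothetical name chosen for this example.

```powershell
# Added example: audit prevention steps A and B on the local computer.
# Assumption: KB958644 is the update delivered by Security Bulletin MS08-067.
# Assumption: NoDriveTypeAutoRun = 0xFF turns Autorun off for all drive types.
param([switch]$Fix)   # hypothetical switch: pass -Fix to write the Autorun policy

$kb        = 'KB958644'
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$valueName = 'NoDriveTypeAutoRun'
$allDrives = 0xFF

# Step A: is the MS08-067 update recorded as installed?
# A missing entry is not proof of exposure on Windows releases that shipped
# after October 2008, because the fix is already built into them.
$hotfix  = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
$patched = [bool]$hotfix

# Step B: read the machine-wide Autorun policy (absent value means Windows defaults).
$current = (Get-ItemProperty -Path $policyKey -Name $valueName `
            -ErrorAction SilentlyContinue).$valueName
$autorunOff = ($current -eq $allDrives)

# Optional remediation for step B; requires an elevated prompt.
if ($Fix -and -not $autorunOff) {
    if (-not (Test-Path $policyKey)) {
        New-Item -Path $policyKey -Force | Out-Null
    }
    Set-ItemProperty -Path $policyKey -Name $valueName -Value $allDrives -Type DWord
    $current    = $allDrives
    $autorunOff = $true
}

# Report both results as one object so they can be collected from many machines.
[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    MS08_067_Patch  = if ($patched) { "installed ($kb)" } else { 'not listed' }
    AutorunPolicy   = if ($null -eq $current) { 'not set' } else { '0x{0:X2}' -f $current }
    AutorunDisabled = $autorunOff
}
```

A per-user value under HKCU can also exist; this example only inspects and sets the machine-wide policy.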
DETECTION & DISINFECTION
Like most worms, Conficker will try to disable any security software installed on the computer and, once it has infected the system, will prevent access to various security websites. If you cannot access any of the websites listed below you may be infected by Conficker or some other malware.
Tools are readily available to remove Conficker and other worms but they must be downloaded using a known clean computer in order to bypass the barriers on the computer infected by the worm. Since ELM Computer Systems has extensive experience in this type of work we recommend that you contact us to remove the worm for you rather than attempting to do it on your own. We'll save you time and money and we'll get the job done right.
As always, please do not hesitate to contact me if you have any questions about this or any other issue.
Past ELM Bulletins are available from our website; please forward them to anyone you wish.
Peter Rhebergen


